<!DOCTYPE html>
<html lang="zh">
<head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>敏感信息泄露</title>
    <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700&display=fallback">
    <link rel="stylesheet" href="../../plugins/fontawesome-free/css/all.min.css">
    <link rel="stylesheet" href="../../plugins/overlayScrollbars/css/OverlayScrollbars.min.css">
    <link rel="stylesheet" href="../../dist/css/adminlte.min.css">
</head>
<body class="hold-transition dark-mode sidebar-mini layout-fixed layout-navbar-fixed layout-footer-fixed">
<div class="wrapper">
    <nav id="Navbar" class="main-header navbar navbar-expand navbar-dark"></nav>
    <aside id="Container" class="main-sidebar sidebar-dark-primary elevation-4"></aside>
    <div class="content-wrapper" id="Wrapper">
        <section class="content-header" id="WrapperHeader"></section>
        <section class="content">
            <div class="container-fluid">
                <div id="notice"></div>
                <div class="card card-primary card-outline">
                    <div class="card-header">
                        <h3 class="card-title">页面泄露敏感文件</h3>
                    </div>
                    <div class="card-body">
                        <div class="card card-primary">
                            <div class="card-header">
                                <h3 class="card-title">学生教学系统登录</h3>
                            </div>
                            <form action="" onsubmit="return false" id="Login">
                                <div class="card-body">
                                    <div class="form-group">
                                        <label for="username">用户名</label>
                                        <input type="text" class="form-control" name="username" id="username" placeholder="Enter username">
                                    </div>
                                    <div class="form-group">
                                        <label for="password">密码</label>
                                        <input type="password" class="form-control" name="password" id="password" placeholder="Password">
                                    </div>
                                </div>
                                <div class="card-footer">
                                    <button type="submit" class="btn btn-primary" onclick="doLogin()">登录</button>
                                </div>
                            </form>
                            <blockquote>
                                <p>用户名为学生学号。系统默认密码为：eru@123</p>
<!--                                修改人：信息中心罗奇葩 修改原因：目录变更已弃用 修改时间:2003年03月1日-->
<!--                                <a href="/upload/入学学生名单.xls">入学学生名单</a>-->
                            </blockquote>
                        </div>
                    </div>
                </div>
                <div class="card card-primary card-outline" id="showSource">
                    <div class="card-header">
                        <h3 class="card-title">源代码&amp;提示</h3>
                    </div>
                    <div class="card-body">
                        <div>
                            <p>敏感信息泄露可以是很多种方式的泄露且泄露的信息也各有不同。这里举例一个比较常见的例子。</p>
                            <pre><code>&lt;&excl;&#x2D;&#x2D;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x4FEE;&#x6539;&#x4EBA;&#xFF1A;&#x4FE1;&#x606F;&#x4E2D;&#x5FC3;&#x7F57;&#x5947;&#x8469;&#x20;&#x4FEE;&#x6539;&#x539F;&#x56E0;&#xFF1A;&#x76EE;&#x5F55;&#x53D8;&#x66F4;&#x5DF2;&#x5F03;&#x7528;&#x20;&#x4FEE;&#x6539;&#x65F6;&#x95F4;&colon;&#x32;&#x30;&#x30;&#x33;&#x5E74;&#x30;&#x33;&#x6708;&#x31;&#x65E5;&#x2D;&#x2D;&gt;&NewLine;&lt;&excl;&#x2D;&#x2D;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&#x20;&lt;&#x61;&#x20;&#x68;&#x72;&#x65;&#x66;&equals;&quot;&sol;&#x75;&#x70;&#x6C;&#x6F;&#x61;&#x64;&sol;&#x5165;&#x5B66;&#x5B66;&#x751F;&#x540D;&#x5355;&period;&#x78;&#x6C;&#x73;&quot;&gt;&#x5165;&#x5B66;&#x5B66;&#x751F;&#x540D;&#x5355;&lt;&sol;&#x61;&gt;&#x2D;&#x2D;&gt;</code></pre>
                        </div>
                    </div>
                </div>
            </div>
        </section>
    </div>
</div>

    <aside class="control-sidebar control-sidebar-dark">
        <!-- Control sidebar content goes here -->
    </aside>
    <footer class="main-footer"></footer>
    <script src="../../dist/js/templateHandle.js"></script>
    <script>
        setWrapperHeader("敏感信息泄露", ["页面泄露敏感文件"]);
    </script>
    <script src="../../plugins/jquery/jquery.min.js"></script>
    <script src="../../plugins/bootstrap/js/bootstrap.bundle.min.js"></script>
    <script src="../../plugins/overlayScrollbars/js/jquery.overlayScrollbars.min.js"></script>
    <script src="../../dist/js/adminlte.js"></script>
    <script>
        function doLogin(){
            let data = {
                number: $("#username")[0].value,
                password: $("#password")[0].value,
            }
            $.post({
                url: `${project_name}infoleak/studentLogin`,
                data,
                dataType: "json",
                success(resp){
                    if(resp["loginStatus"]){
                        $("#notice")[0].innerHTML = generateNote("登录成功！");
                    } else {
                        $("#notice")[0].innerHTML = generateNote("登录失败，账号或者密码错误！");
                    }
                }
            })
        }
    </script>
</body>
</html>
